Introduction to Redundant Technology With the development of the Internet, large-scale campus networks have transformed from simple information carrying platforms to a public service providing platform.

Introduction to redundant technology

With the development of the Internet, large-scale campus networks have transformed from simple information carrying platforms to a public service provision platform. As an end user, I hope to maintain contact with the network at all times. Therefore, robustness, efficiency and reliability have become an important goal of the development of the park network. To ensure the reliability of the network, redundant technology is required. The experience that high redundant networks want to bring us is that when network devices and links are interrupted or changed, users can hardly feel it.

In order to achieve this goal, redundancy needs to be implemented on all links of the park network, including network equipment, links and WAN exits, user side, etc. The redundant deployment of large campus network also includes all three links, namely: device-level redundancy, link-level redundancy and gateway-level redundancy. This article will explain the basic principles and implementations of these three redundant technologies in detail.

device-level redundancy technology

device-level redundancy technology is divided into power supply redundancy and management board redundancy. Due to the limitations in equipment cost, both technologies are used in mid-to-high-end products. The following figure shows the power supply redundancy technology of a manufacturer's switch :

As shown in the figure, a manufacturer's equipment has two built-in power slots. By inserting different modules, two AC power sources or two DC power sources can be accessed, realizing 1+1 backup of the device's power sources. The most common configuration in the project is to insert two P6800-AC modules at the same time to realize a 1+1 backup of the 220v AC power supply. After the implementation of redundant backup of of

power module , when the main power supply is interrupted, the backup power supply will continue to power the equipment without causing business interruption.

Note: When implementing 1+1 redundancy of power supply, please use two power modules of the same model to implement it. If one is an AC power module P6800-AC and the other is a DC power module P6800-DC, it may cause damage to the switch.

Switch's management board redundancy technology

As shown in the figure, a switch provides two management card slots, and M6806-CM is the main management module of RG-S6806E. It undertakes functions such as system switching, system status control, routing management, user access control and management, network maintenance, etc. The management module is inserted in the M1 and M2 slots in the middle of the chassis motherboard insertion frame, supporting main and backup redundancy, realizing hot backup, and supporting hot plug-in.

Simply put, management card redundancy means that during the switch operation, if the main management board does not work normally, the switch will automatically switch to the slave management board to work without losing the corresponding user configuration, thereby ensuring that the network can run normally and achieving redundant functions.

In actual projects, devices that use dual management cards automatically select the main management card. If it is inserted into the device first, it will become the main management card, and the inserted board will automatically be in a redundant state. However, you can also use the command to select which board becomes the main management card. The specific configuration is as follows

Note: During the switch operation, if the user performs switching of the main management card after certain configurations, be sure to remember to save the configuration, otherwise the user configuration will be lost.

In actual projects, the high-end switches of the S65 and S68 series are generally at the core of the network or regional core position, carrying the key service traffic in the campus network. In order to provide a more reliable network platform.

Link-level redundancy technology

There are often multiple layer two and layer three links in large campus networks. Using link-level redundancy technology can achieve backup between multiple links, traffic sharing and loop avoidance. This chapter will explain several major link redundancy technologies.

Implementation of layer two link redundancy:

mainly implements redundancy in layer two links, spanning tree protocol and link bundling technology. The spanning tree protocol is a pure layer two protocol, but link bundling technology can be used on both layer two interfaces and layer three interfaces. The first thing to introduce is link bundling technology (Aggregate-port).

Layer 2 Link Bundling Technology

Basic Principles of AP Technology

bundles multiple layer 2 physical links together to form a simple logical link. We call this logical link an aggregate port (AP for short). AP is an important way to expand the link bandwidth , and complies with the IEEE 802.3ad standard.

It can superimpose the bandwidth of multiple ports to form a logical port with a larger bandwidth. At the same time, when a member link in the AP is disconnected, the system will allocate the traffic of the link to other effective links in the AP, realizing load balancing and link redundancy. AP technology is generally used in the backbone link between switches, or between switches and servers with large traffic.

Basic application and configuration of layer 2 AP technology

Let’s see a simple AP application example:

In the figure, there are two 100 megalinks on the two switches forming a loop. If you want to avoid the loop, you must enable the spanning tree protocol, which will cause one of the links to be blocked, which not only causes bandwidth waste, but also violates the original design intention of using two links to achieve redundancy and load sharing.

In this case, using AP technology can solve this problem in a long way. By bundling two links to form a logical port AggregatePort, the bandwidth is increased to 200M. At the same time, when one of the two links fails, the traffic will be automatically transferred to the other link, thus achieving the purpose of bandwidth improvement, traffic sharing and redundant backup. The specific device configuration of

takes S3550-1 as an example:

After the configuration is completed, the result is checked using the command is as follows:

S3550-1#show aggregatePort 1 summary

AggregatePort MaxPorts SwitchPort Mode Ports

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Become a member of AP Group 1.

Layer 2 AP technology Load balancing

AP technology configuration and application environment are not complicated, but when using AP in actual projects, many people often ignore a problem, that is, how to use the load balancing mode of AP.

Layer 2 AP has two load balancing modes: frame forwarding based on source MAC or target MAC. In actual projects, flexibly using these two modes can enable the AP to maximize its effectiveness.

In the figure, we can see that there is an AP link composed of three hundred megabytes between the core and the aggregation. By default, the second layer AP performs multi-link load balancing based on the source MAC address. There is no problem with this on the user-side switch, because the data comes from different user hosts and the source MAC is different; but if the packet is also based on the source MAC on the core switch , only one of the three links will be used, because the core switch sends only one source MAC to the user data frame, which is its own SVI interface MAC. Therefore, in order to make full use of all member links of the AP, it must be changed to a load balancing method based on the purpose MAC on the core switch.

Adjust the configuration of the second-tier AP load balancing mode, take S3550 as an example:

spanning tree technology

This chapter mainly introduces how to use spanning tree technology to achieve redundancy and traffic sharing of layer two links in actual projects. There will be no too much description of the principles of spanning tree technology. If readers who are interested in spanning tree technology, please check the information yourself.

Spanning Tree Protocol 802.1D STP, as a pure layer two protocol, implements two important functions by establishing an optimal tree topology in a switched network: loop avoidance and redundancy. However, the pure spanning tree protocol IEEE 802.1D is not many in practical applications because it has several very obvious shortcomings: slow convergence and wastes the bandwidth of redundant links.

is an upgraded version of STP. IEEE 802.1W RSTP solves the problem of slow convergence, but it still cannot effectively use redundant links for load sharing. Therefore, in actual engineering applications, 802.1S MSTP technology is often used.In addition to retaining the advantages of RSTP fast convergence, MSTP can also use instance (instance) to associate VLAN to achieve multi-link load sharing. Let's take a look at an example:

Use STP to achieve link redundancy

As shown in the figure, it is a common Layer 2 networking method. All three switches have two VLANs, VLAN10 and VLAN20. There are two links from the access layer switch to the aggregation switch. If 802.1D STP technology is used for link redundancy, it will lead to the result in the figure below:

It can be clearly seen from the figure that using 802.1D STP or 802.1W RSTP can achieve link redundancy, but in any case, it will cause a certain uplink of the S2126G to be blocked, resulting in a waste of link bandwidth.

uses MSTP to achieve link redundancy and load sharing

If 802.1S MSTP is used, the purpose of redundancy and traffic sharing can be achieved at the same time. Now let’s take a look at how to correctly use MST to implement the above functions under this topology structure.

(1) enable MST on all three switches, and establish a mapping between VLAN 10 to Instance 10 and VLAN 20 to Instance 20. This way, the original physical topology is logically divided into two topology through the mapping relationship between Instance to VLAN, corresponding to VLAN 10 and VLAN 20 respectively.

(2) Adjusts S3550-1's bridge priority in VLAN10 to 4096, ensuring that it is elected as a root bridge in the logical topology of VLAN 10. At the same time, the bridge priority in VLAN20 is adjusted to 8192 to ensure its alternate root bridge position in the logical topology of VLAN20.

(3) The adjustment method of S3550-2 is similar to S3550-1. It is also necessary to ensure that in VLAN20, S3550-2 becomes the root bridge, and in VLAN10, it becomes the backup root bridge.

The following figure describes the implementation process of using MSTP in this case

MSTP configuration example:

S2126G configuration is as follows

S3550-1 configuration is as follows

S3550-2 configuration is as follows

Note: Since the configuration of MST is relatively complex, some common errors in the configuration of MST are listed below.

(1) Spanning-tree mode has no selection.

(2) The Instance mapping relationship of each switch is inconsistent, which causes the links between switches to be blocked by errors.

(3) After many engineers have configured the root bridge priority of S3550-1 in Instance10, they do not set it as an alternate root bridge for another instance. This is a very dangerous operation, because once the main link of Instance20 fails, S2126G may be elected as the root bridge, so that all traffic to VLAN20 must pass through the access layer switch such as S2126G, which may cause S2126G to crash in extreme cases.

(4) MST configuration sequence problem. You should open the spanning tree after configuring the MST parameters, otherwise MST may work abnormally.

(5) The VLAN associated with Instance is not specified and all VLANs are summarized into Instance0. In actual projects, you need to pay attention to the root bridge specification of Instance0.

Layer three link redundancy technology

Layer three link redundancy technology is much richer than Layer two link redundancy technology. Relying on various routing protocols, layer three link redundancy and load balancing can be easily achieved. In addition, the three-layer link bundling technology also provides an option outside the routing protocol. Since in the current large campus network, the routing protocol used in most cases is OSPF, when discussing redundancy technologies based on routing protocols, only OSPF is considered.

Layer 3 link bundling technology

Layer 3 link AP and Layer 2 link AP technology are the same. Both the purpose of increasing bandwidth by bundling multiple links to form a logical port to ensure redundancy and load sharing. In this section, we will only introduce the basic configuration of the three-layer AP.

As shown in the figure, the two S3550s need to establish a three-layer AP. Taking S3550-1 as an example, its configuration is as follows:

Note: To establish a three-layer AP, you need to first manually establish the aggregation port and set it to a three-layer interface.If the switch port is directly added, an error will occur that the interface type does not match and the command cannot be executed.

Load balancing mode of layer three AP

Like layer two AP, layer three AP also needs to choose load balancing mode, and the configuration is as follows:

OSPF-based layer three link redundancy technology

OSPF-based layer three link redundancy technology is widely used in large campus networks, and link redundancy and load sharing can be easily achieved through the adjustment of cost value. The OSPF network in the

diagram has achieved redundant backup and load sharing of links, core devices and exits through cost adjustment. In fact, for networks with this topological interface, there is another solution to using OSPF, which is to load balancing on the two uplinks of S6806E without modifying the cost value. This method seems to be more reasonable than the previous solution. However, in actual projects, since private addresses are used within the park, NAT conversion is required on the egress router, so it is not feasible in this topology. For such a network, it is impossible to achieve true load balancing, and link traffic can only be allocated reasonably through planning and design.

Let’s take a look at the network in the figure below. Since this OSPF network is a single-exit topology, it does not require manual adjustment of the cost value to achieve traffic sharing. Just change the reference bandwidth of OSPF, and OSPF will automatically implement load balancing.

gateway-level redundancy technology implementation of VRRP

The redundancy technology mentioned earlier ensures redundancy at the campus network level. Similarly, for end users who use the network, a mechanism is also needed to ensure their reliable connection with the campus network, which is gateway-level redundancy technology.

VRRP is a fault-tolerant protocol. It ensures that when the host's next hop router fails, it can be replaced by another router in time, thereby maintaining the continuity and reliability of communication. The VRRP protocol simulates multiple physical routers into a virtual router through interactive packets, and the host on the network communicates with the virtual router. Once a physical router in the VRRP group fails, other routers will automatically take over their work.

VRRP application for single VLAN

A typical application of VRRP in single VLAN is shown in the figure below. All devices and users in the figure are in VLAN10. For users, their computer gateway is set as the IP address of the virtual router S3550-3. In fact, the device that actually forwards is S3550-1 and S3550-2 as redundancy. Once the S3550-1 fails, the S3550-2 will automatically take over its work, and this change cannot be sensed for the user.

In a single VLAN, the basic configuration of VRRP is as follows:

S3550-1 configuration

S3550-2 configuration

VRRP router load sharing in multi VLAN:

In the case of multi VLAN, if S3550-1 is used as the main gateway, S3550-2 is actually a huge waste of network resources only for redundancy. The load sharing mode of VRRP routers in multiple VLANs is essentially an expansion of the VRRP application model in a single VLAN. As shown in the figure below, corresponding VRRP groups are established in different VLANs, and priority adjustments are made to enable routers to play different roles in multiple VLANs. This allows traffic to be evenly distributed on the links and devices, thereby achieving the purpose of redundancy and traffic sharing. This application idea is similar to MST's multi-VLAN traffic sharing, and it also implements the division of logical topology based on VLAN.

In a multi-VLAN environment, the basic configuration for implementing VRRP router load sharing is as follows:

S3550-1 configuration

S3550-2 configuration

After the above configuration, VRRP group 1 is finally established in VLAN10, S3550-1 is elected as the main gateway, S3550-2 becomes the backup gateway, and VRRP group 2 is established in VLAN20, S3550-2 is elected as the main gateway, S3550-1 is established in VLAN10, S3550-2 is elected as the main gateway, S3550-1 is established in VLAN20, S3550-2 is elected as the main gateway, S3550-1 Become a backup gateway.

Comprehensive use examples of redundancy technology: MSTP+VRRP

Since each redundancy technology works at a specific level, it is necessary to use a combination of multiple redundancy technologies in actual network application to truly ensure the reliability of the network. Below, we will introduce an example of the comprehensive application of redundancy technology, using MSTP+VRRP to achieve VLAN-based link redundancy and gateway redundancy.

As shown in the figure, this is the topology diagram of a certain aggregation node of a large campus network. There are two user VLANs: VLAN10 and VLAN20. Dual-core and dual-link backup are used in the access switch S2126G to layer three aggregation. For this type of network, the designer's intention is obvious: the desire to achieve the highest security and reasonable traffic sharing. To achieve this, MSTP and VRRP must be used in combination. As shown in Figure 8-14.

For this case, after decomposing the topology diagram into a logical topology of a single VLAN, it is very simple to understand. It is nothing more than selecting the root bridge of this VLAN by adjusting the bridge priority, and then adjusting the priority of VRRP so that this root bridge becomes the main gateway of the corresponding VRRP group at the same time.

Under normal circumstances, the data traffic of users of two VLANs enters the campus network through different uplinks and gateways, realizing load sharing between links and gateways. At the same time, when a fault occurs, MSTP guarantees the switching of layer 2 redundant links, while VRRP ensures the switching of backup gateways. The two technologies are organically combined, thus perfectly solving the redundancy problem of this type of network.

The specific configuration of this case is as follows:

S3550-1 Configuration in VLAN10 and VLAN20

S3550-2 Configuration in VLAN10 and VLAN20

Note: In actual projects, you must pay attention to the location of the root bridge in a VLAN and the location of the VRRP main gateway, otherwise it will cause network failure.